As a new, active security defence mechanism, an Intrusion Detection System (IDS) provides dynamic protection for hosts and networks: it not only detects intrusions by attackers from the extranet but also monitors intranet users. Most next-generation IDSs now combine protocol analysis, which exploits the specifications of the protocols, with a high-performance pattern matching algorithm, in order to resolve the conflict between accuracy and timeliness. Firstly, based on a survey of the status and direction of IDS development at home and abroad, and by combining anomaly detection with misuse detection, the author proposes combining pattern matching with protocol analysis technology; compared with traditional pattern matching alone, this reduces the computational workload as well as the false positive and false negative rates. Secondly, after an in-depth study of the common BM (Boyer-Moore) pattern matching methods used in IDSs, the author presents an improved pattern matching algorithm with better matching efficiency. By introducing the latest protocol analysis methods into the network intrusion detection system, the author sets out a model of a network intrusion detection system based on pattern matching and protocol analysis. In the system, packet capture is implemented efficiently with Winpcap; protocol decoding, packet reassembly and the reorganisation of fragmented data flows are handled by the pre-processing module; rule analysis is explained on the basis of Snort, and both the rule partitioning and the generation of rule lists of Snort are improved; at the same time, the analysis of the IP, TCP and UDP protocols in the protocol analysis module is examined in depth. The response module provides two strategies, active responses and passive responses. Test results show that the model is feasible and efficient.
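The abstract's central idea, protocol analysis narrowing the rule set before a Boyer-Moore family matcher runs on the decoded payload, can be shown in a small self-contained program. The following is an added example written for this page, not the thesis author's system or Snort code; the packet builder, the rule list and the Horspool variant of BM are all constructed here for illustration, and the "naive" scan stands in for matching every rule against every raw packet.

```python
"""
Added example (not from the thesis): protocol analysis selects a rule sub-list
by protocol/port, then Boyer-Moore-Horspool matching runs on the decoded
application payload only. Packets, rules and layouts are constructed here.
"""
import struct
from typing import Optional


def build_bad_char_table(pattern: bytes) -> dict:
    """Horspool shift table: for every byte of pattern except the last, the
    distance from its last occurrence to the end of the pattern."""
    m = len(pattern)
    return {pattern[i]: m - 1 - i for i in range(m - 1)}


def bmh_search(text: bytes, pattern: bytes) -> int:
    """Boyer-Moore-Horspool: compare right to left, shift by the bad-character
    distance of the text byte aligned with the last pattern position.
    Returns the index of the first occurrence, or -1."""
    m, n = len(pattern), len(text)
    if m == 0:
        return 0
    if m > n:
        return -1
    shift = build_bad_char_table(pattern)
    i = 0
    while i <= n - m:
        j = m - 1
        while j >= 0 and text[i + j] == pattern[j]:
            j -= 1
        if j < 0:
            return i
        i += shift.get(text[i + m - 1], m)
    return -1


def decode_ipv4_tcp(packet: bytes) -> Optional[dict]:
    """Minimal pre-processing step: IPv4 header (honouring IHL) followed by a
    TCP header (honouring data offset). Returns None for non-IPv4, non-TCP or
    truncated input so malformed packets never reach the matcher."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or len(packet) < ihl + 20:
        return None
    tcp = packet[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"proto": "tcp", "sport": sport, "dport": dport,
            "payload": packet[ihl + data_off:total_len]}


# Constructed, Snort-style rules: protocol, destination port, content, message.
RULES = [
    {"proto": "tcp", "dport": 80, "content": b"/cgi-bin/", "msg": "WEB-CGI access"},
    {"proto": "tcp", "dport": 80, "content": b"/etc/passwd", "msg": "WEB sensitive file request"},
    {"proto": "tcp", "dport": 21, "content": b"USER anonymous", "msg": "FTP anonymous login"},
]


def index_rules(rules: list) -> dict:
    """Partition rules by (proto, dport), so protocol analysis picks a short
    candidate list before any pattern matching is done."""
    index: dict = {}
    for r in rules:
        index.setdefault((r["proto"], r["dport"]), []).append(r)
    return index


def inspect(packet: bytes, rule_index: dict) -> tuple:
    """Decode first, then match only the candidate rules against the payload.
    Returns (alert messages, number of patterns tried)."""
    fields = decode_ipv4_tcp(packet)
    if fields is None:
        return [], 0
    candidates = rule_index.get((fields["proto"], fields["dport"]), [])
    alerts = [r["msg"] for r in candidates
              if bmh_search(fields["payload"], r["content"]) != -1]
    return alerts, len(candidates)


def naive_inspect(packet: bytes, rules: list) -> tuple:
    """Baseline without protocol analysis: every rule against the raw packet."""
    alerts = [r["msg"] for r in rules if bmh_search(packet, r["content"]) != -1]
    return alerts, len(rules)


def make_ipv4_tcp(dport: int, payload: bytes, sport: int = 40000) -> bytes:
    """Constructed test packet: 20-byte IPv4 header + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload


if __name__ == "__main__":
    idx = index_rules(RULES)
    pkt = make_ipv4_tcp(80, b"GET /cgi-bin/test HTTP/1.0\r\n")
    print("protocol-aware:", inspect(pkt, idx))      # (['WEB-CGI access'], 2)
    print("naive:", naive_inspect(pkt, RULES))        # (['WEB-CGI access'], 3)
    print("wrong port:", inspect(make_ipv4_tcp(25, b"USER anonymous\r\n"), idx))
```

The difference in the second tuple element is the workload reduction the abstract refers to: the protocol-aware path tries only the rules registered for TCP/80, while the naive path tries every rule against every packet, header bytes included. The same rule index extends naturally to UDP by adding a decoder that returns `"proto": "udp"`.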